Which encryption methods are used with WPA and WPA2?

WPA2 is more secure than its predecessor, WPA (Wi-Fi Protected Access), and should be used whenever possible. Wireless routers support multiple security protocols to secure wireless networks, including WEP, WPA and WPA2. Of the three, WPA2 is the most secure, as this comparison explains.

In 2018, the Wi-Fi Alliance released WPA3, which is now recommended over WPA2, but WPA3-certified hardware is not expected to be widely available until late 2019.

Purpose

If a router is left unsecured, someone can steal your internet bandwidth, carry out illegal activities through your connection (and therefore in your name), monitor your internet activity, and install malicious software on your network. WPA and WPA2 are meant to protect wireless internet networks from such mischief by securing the network from unauthorized access.

Security Quality and Encryption

WEP and WPA use RC4, a software stream cipher algorithm that is vulnerable to attack. Thanks to WEP's use of RC4, small key sizes, and poor key management, cracking software is able to break past WEP security within minutes.

WPA was developed as a temporary solution to WEP's many shortcomings. However, WPA is still vulnerable because it is based on the RC4 stream cipher; the main difference between WEP and WPA is that WPA adds an extra security protocol to the RC4 cipher known as TKIP. But RC4 by itself is so problematic that Microsoft has urged users and companies to disable it when possible and rolled out an update in November 2013 that removed RC4 from Windows altogether.

Unlike its predecessors, WPA2 makes use of Advanced Encryption Standard (AES) and CCMP, a TKIP replacement. No devices or operating systems updated prior to 2004 can meet these security standards. As of March 2006, no new hardware or device can use the Wi-Fi trademark without recognizing the WPA2 certification program.

AES is so secure that it could potentially take millions of years for a supercomputer's brute-force attack to crack its encryption. However, there is speculation, partially based on Edward Snowden's leaked National Security Agency (NSA) documents, that AES does have at least one weakness: a backdoor that might have been purposely built into its design. Theoretically, a backdoor would allow the U.S. government to gain access to a network more easily. With AES encryption serving as the backbone of WPA2 security and many other security measures for the internet, the potential existence of a backdoor is cause for great concern.

Encryption Speed

Security measures can reduce the data speeds, or throughput, you are able to achieve in your local network. However, the security protocol you choose can dramatically change your experience. WPA2 is the fastest of the security protocols, while WEP is the slowest. The video below is of a series of performance tests that showcase the different throughput each security protocol can achieve.

WPA2 Personal vs. WPA2 Enterprise

Wireless routers usually offer two forms of WPA2: "Personal" and "Enterprise." Most home networks only have need for the personal setting. The video below describes the more technical differences between these two modes.

How to Secure a Wi-Fi Network

The following video briefly explains how to select a security protocol in a Linksys router's settings.

Strong Passwords

While WPA2 is superior to WPA and far superior to WEP, your router's security may ultimately depend on whether you use a strong password to secure it. This video explains how to create a strong password that is easy to remember.

You can also generate a random password. Password generators like Norton Password Generator and Yellowpipe Encryption Key Generator create a random string of characters with a mix of capitalization, numbers, punctuation, etc. These are the most secure passwords, especially when they are longer and include special characters, but they are not easy to remember.

Disadvantages of Wi-Fi Protected Setup (WPS)

In 2011, researchers from the U.S. Department of Homeland Security released an open-source tool called Reaver that demonstrated a vulnerability in routers that use Wi-Fi Protected Setup, or WPS, a standard used to make router setup easier for the average user. This vulnerability can allow brute-force attackers to gain access to network passwords, regardless of WPA or WPA2 use.

If your router uses WPS (not all do), you should turn this feature off in your settings if you are able to do so. However, this is not a complete solution, as Reaver has been able to crack network security on routers with the WPS feature, even when it is turned off. The best, most secure solution is to use a router that has WPA2 encryption and no WPS feature.
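The recommendations above (WPA2 with AES/CCMP, no TKIP, WPS off, a long passphrase) can be checked mechanically. The following is an added example, not part of the original article: it assumes an access point configured with a hostapd-style file, and the sample configs, the finding codes, and the 16-character passphrase threshold are constructed for illustration.

```python
# Constructed sample configs in hostapd.conf syntax (all values are made up).
WEAK = """
ssid=HomeNet
wpa=1
wpa_pairwise=TKIP
wpa_passphrase=summer18
wps_state=2
"""
HARDENED = """
ssid=HomeNet
wpa=2
rsn_pairwise=CCMP
wpa_passphrase=T7#qv9!Lm2@xWc4$Rz8&
wps_state=0
"""
MIN_PASSPHRASE_LEN = 16  # assumed local policy; WPA2 itself accepts 8 to 63 characters

def parse(text):
    """Return {key: value} for the non-comment key=value lines."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(text):
    """Return a sorted list of finding codes for one access-point config."""
    conf, findings = parse(text), set()
    wpa = int(conf.get("wpa", "0"))          # bit 0 = WPA, bit 1 = WPA2
    if wpa == 0:                             # no WPA at all: WEP or an open network
        findings.add("WEP" if any(k.startswith("wep_key") for k in conf) else "OPEN")
    else:
        if wpa & 1:
            findings.add("WPA1_ENABLED")     # original WPA (TKIP over RC4) still offered
        ciphers = set((conf.get("wpa_pairwise", "") + " "
                       + conf.get("rsn_pairwise", "")).split())
        if "TKIP" in ciphers:
            findings.add("TKIP_ALLOWED")
        if "CCMP" not in ciphers:
            findings.add("NO_AES_CCMP")      # AES/CCMP is never named explicitly
        passphrase = conf.get("wpa_passphrase")
        if passphrase is not None and len(passphrase) < MIN_PASSPHRASE_LEN:
            findings.add("SHORT_PASSPHRASE")
    if conf.get("wps_state", "0") != "0":    # 0 = WPS disabled
        findings.add("WPS_ENABLED")
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

Consumer routers expose the same choices through their web interface rather than a file; the checks map to the security mode, cipher, passphrase and WPS settings there.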


What type of encryption is used for WPA2 and WPA?

Wi-Fi Protected Access Version 2 (WPA2): WPA2 is an advancement of WPA and contains an even higher level of security encryption for Wi-Fi networks. WPA2 uses the Advanced Encryption Standard (AES), which is also used by the U.S. government to protect classified documents.

What encryption mechanisms does WPA2 use?

WPA2 replaces RC4 and TKIP with two stronger encryption and authentication mechanisms: Advanced Encryption Standard (AES) and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), respectively.

What type of encryption is used for WPA2 and WPA? Have any vulnerabilities been found with these algorithms?

WPA uses the Temporal Key Integrity Protocol (TKIP), which offers more security than WEP but less than WPA2. The nearly uncrackable Advanced Encryption Standard (AES) algorithm used with WPA2 addresses the security issues found in WPA.